1. Technical Field
The present invention relates to a method of operating a network. In particular, the present invention relates to a method of operating a data network or internetwork (i.e. a collection of different networks linked together, the most well known example of which is the Internet), as well as to a network or internetwork operating in accordance with such a method and individual devices operable to carry out such a method within such a network.
2. Background
The Internet is a collection of different packet-switched networks linked together to form an internetwork. In order to successfully send data from one node on the Internet to another, a protocol referred to as the Internet Protocol (IP) is used. This enables an IP datagram to be routed through the Internet from a transmitting or originating source node to a receiving or terminating destination node. As will be well known to persons skilled in the art of data networks, IP is a layer 3 or network layer protocol when compared with the ISO seven layer reference model of data networks. This essentially means that it is responsible for carrying data over multiple hops across a network or internetwork. Thus at each hop the ultimate IP address is read and an onward route is selected unless the data happens to have arrived at the destination node in which case it is passed up the layer stack.
Thus, IP is a data-oriented protocol used by source, destination and intermediate nodes (which might, for example, be a web server, a web client and multiple routers respectively) for communicating data across a packet-switched network (or, more usually, an internetwork). Furthermore, IP has the property that no specific set-up process is required before a source node attempts to transmit data to a destination node, irrespective of whether the nodes have previously communicated with one another before and irrespective of the type of data to be transmitted.
In order to achieve this, IP specifies that data is transmitted in IP datagrams, each of which comprises a header portion and a payload portion. The data to be transmitted (or a portion of it) is carried in the payload portion of an IP datagram whilst the header contains information which enables intermediate routers to process the datagram as a whole in an appropriate manner to try to deliver it to the destination node.
As mentioned above, IP represents only one layer out of many provided by an internetwork in order to enable data to be successfully transmitted over the internetwork which, by comparison with the seven layer OSI Reference Model, corresponds approximately to level 3, the Network level. “Beneath” the network layer is both a data link layer and a physical layer, and therefore each IP datagram is likely to be encapsulated within one or more lower layer (i.e. the link layer) data packets for transmission from one node on a network to another on the same network. However, each node will “strip out” the IP datagram from the received packet(s) and pass this to an IP function within each intermediate node, as well as at the destination node. The IP function within each intermediate node then reads the IP header portion to determine if it is the destination node. If it is the destination node, it will pass the contents of the payload portion of the IP datagram to the next layer function identified in the header portion of the IP datagram (e.g. to a Transport Control Protocol (TCP) function or to a User Datagram Protocol (UDP) function), if not, it will try to forward on the IP datagram towards the destination node—the mechanics of this are described in greater detail below. Intermediate nodes which are connected to multiple different networks and which are therefore important interconnecting nodes having often many direct connections with other nodes are typically known as routers or gateways and usually perform data transfer as their sole or primary purpose.
Internetworks can generally be considered as hierarchical entities which can be viewed at different scales. At a high level scale one can consider so-called Autonomous Systems (AS's). These will generally be connected together to form an internetwork of AS's. Each AS will typically comprise a network itself or even an internetwork, itself being formed from a number of smaller networks or subnetworks. Routers which connect different AS's together are often referred to as Border Gateways. In order to route traffic over an internetwork formed from a plurality of AS's, each AS maintains a routing table setting out to which neighbouring AS traffic should be sent in order to reach any given IP destination address. In some internetworks, these routing tables may be maintained in an autonomous manner using one of the inter-domain routing protocols (a domain is an AS) known as Border Gateway Protocol (BGP) of which the most current version at the filing date of the present application is BGP version 4 (as defined in the Internet Engineering Task Force's (IETF's) Request For Comments (RFC) 1654). With BGP, Transport Control Protocol (TCP) connections are established between AS's in order to transfer routing information between border gateway routers.
Within an autonomous system, a similar mechanism is used to route IP datagrams through the network from one point to another in which the routers again maintain a routing table. However, instead of using BGP, an Interior Gateway Protocol (IGP) is used instead. There are a number of IGP's currently in use. One popular IGP for relatively small networks is Routing Information Protocol (RIP) which uses the User Datagram Protocol (UDP) to transmit routing information between co-operating routers instead of forming TCP connections. Using RIP, a gateway host (with a router) sends its entire routing table (which lists all the other hosts it knows about) to its closest neighbour host every 30 seconds. The neighbour host in turn passes the information on to its next neighbour and so on until all hosts within the network have the same knowledge of routing paths, a state known as network convergence. RIP uses a hop count as a way to determine network distance. (Other protocols use more sophisticated algorithms that may, for example, include timing as well.) There are a number of different incarnations of RIP. One current version of RIP (known as RIP 2) is specified in IETF's RFC 2453.
Another popular IGP is Open Shortest Path First (OSPF) protocol. This is similar to RIP except that it has less overhead because it only transmits messages when there has been a change in a router's routing table. Also, it transmits more information than is transmitted in RIP. It also permits groups of nodes to be formed into areas, the internal structures of which are hidden from nodes outside of the areas, which simplifies routing within large AS's.
However, with all of these protocols there are possibilities for problems to occur. In particular, if bad routing information is gets into the system (either because one or more routers are malfunctioning in some way and therefore sending out erroneous information, or simply behaving poorly but still sending out information indicating that they are not behaving poorly, or because they have been compromised (e.g. if they have been “hacked” by a malicious third party), or because a “hacker” succeeds in passing false routing information to routers (“spoofing”) which they then act upon. Any of these problems can send the system into chaos, causing large numbers of lost or heavily delayed packets (e.g. by a hacked router informing all neighbouring routers that it represents the best next hop to all destinations and then simply throwing away any received packets rather than forwarding them on). Moreover, by analysing control and data traffic, confidential information carried in the traffic may be exposed via a hacked router to unauthorised third parties.
Most attempts to deal with security issues involving routers have concentrated on authenticating communications between routers so that so-called “man-in-the-middle” and similar types of attack are prevented (or at least rendered more difficult). However, such approaches involve a significant amount of overhead, both in terms of processing cycles (to perform encryption and decryption) and in terms of extra information being broadcast (digital signatures, hash functions, etc.). Furthermore, they are wholly ineffective against the risk of “hacked” legitimate routers. Furthermore, all of these approaches are rather superficial, in that they attempt to deal on an ad hoc basis with any resulting problem/symptom rather than seeking to address the fundamental underlying cause.